/**
 * A function to convert the $_SERVER['REMOTE_ADDR'] global variable
 * from the current value to the real remote viewer's value, should
 * that viewer be coming via an HTTP proxy.
 *
 * Only performs this conversion if the option to do so is set in the
 * configuration file.
 */
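function MAX_remotehostProxyLookup()
{
    $conf = $GLOBALS['_MAX']['CONF'];
    // Should proxy lookup conversion be performed?
    if (!$conf['logging']['proxyLookup']) {
        return;
    }
    // SECURITY: every header consulted below is supplied by the client unless
    // a proxy in front of this server strips or overwrites it. With this
    // option enabled, anything downstream that keys on REMOTE_ADDR is only as
    // trustworthy as those headers, so enable it only when the server is
    // reachable exclusively through proxies you control.
    OX_Delivery_logMessage('checking remote host proxy', 7);

    // Determine if the viewer has come via an HTTP proxy: either a proxy
    // header is present, or the reverse-resolved host name looks like one.
    $proxy = !empty($_SERVER['HTTP_VIA']) || !empty($_SERVER['HTTP_X_FORWARDED_FOR']);
    if (!$proxy && !empty($_SERVER['REMOTE_HOST'])) {
        foreach (array('proxy', 'cache', 'inktomi') as $proxyName) {
            if (strpos($_SERVER['REMOTE_HOST'], $proxyName) !== false) {
                $proxy = true;
                break;
            }
        }
    }
    if (!$proxy) {
        return;
    }
    OX_Delivery_logMessage('proxy detected', 7);

    // Try to find the "real" IP address the viewer has come from; the first
    // non-empty header in this order wins.
    $forwarded = '';
    $aHeaders = array('HTTP_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
    foreach ($aHeaders as $header) {
        if (!empty($_SERVER[$header])) {
            $forwarded = $_SERVER[$header];
            break;
        }
    }
    if (empty($forwarded)) {
        return;
    }

    // The "remote IP" may be a list, ensure that only the FIRST non-private
    // value is used in that case.
    // See http://en.wikipedia.org/wiki/X-Forwarded-For#Format
    // NOTE(review): by convention the leftmost entries are the ones furthest
    // from this server and therefore the easiest for a client to forge;
    // confirm that "first" is the intended choice for this deployment.
    foreach (explode(',', $forwarded) as $candidate) {
        $candidate = trim($candidate);
        // Accept only a syntactically valid IP literal. The header is free
        // text, so without this check an arbitrary string (including the
        // literal "unknown") could be written to REMOTE_ADDR and to the log.
        if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
            continue;
        }
        if (MAX_remotehostPrivateAddress($candidate)) {
            continue;
        }
        // Set the "real" remote IP address, and unset the remote host (as it
        // will be wrong for the newly found IP address) and HTTP_VIA header
        // (so that we don't accidentally do this twice)
        $_SERVER['REMOTE_ADDR'] = $candidate;
        $_SERVER['REMOTE_HOST'] = '';
        $_SERVER['HTTP_VIA'] = '';
        OX_Delivery_logMessage('real address set to ' . $candidate, 7);
        break;
    }
}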
示例#2
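/**
 * Rewrites $_SERVER['REMOTE_ADDR'] to the address reported in a proxy
 * header, when the request appears to have passed through an HTTP proxy
 * and the 'proxyLookup' option in the 'logging' configuration section is on.
 *
 * On success REMOTE_HOST and HTTP_VIA are blanked as well. Nothing is
 * returned; the function works purely through $_SERVER.
 *
 * SECURITY: the headers read here are client-supplied unless a proxy in
 * front of this server overwrites them, so the resulting REMOTE_ADDR is
 * only trustworthy when the server is reachable solely through proxies
 * you control.
 */
function MAX_remotehostProxyLookup()
{
    $conf = $GLOBALS['_MAX']['CONF'];
    if ($conf['logging']['proxyLookup']) {
        OX_Delivery_logMessage('checking remote host proxy', 7);
        // A proxy is assumed when a proxy header is present, or failing
        // that when the resolved host name contains a proxy-like keyword.
        $proxy = false;
        if (!empty($_SERVER['HTTP_VIA']) || !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $proxy = true;
        } elseif (!empty($_SERVER['REMOTE_HOST'])) {
            $aProxyHosts = array('proxy', 'cache', 'inktomi');
            foreach ($aProxyHosts as $proxyName) {
                if (strpos($_SERVER['REMOTE_HOST'], $proxyName) !== false) {
                    $proxy = true;
                    break;
                }
            }
        }
        if ($proxy) {
            OX_Delivery_logMessage('proxy detected', 7);
            // First non-empty header in this order supplies the address list.
            $forwarded = '';
            $aHeaders = array('HTTP_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
            foreach ($aHeaders as $header) {
                if (!empty($_SERVER[$header])) {
                    $forwarded = $_SERVER[$header];
                    break;
                }
            }
            if (!empty($forwarded)) {
                // The value may be a comma-separated list; the first entry
                // that is a valid, non-private IP is used.
                // NOTE(review): leftmost entries are conventionally the
                // furthest from this server and the easiest to forge.
                foreach (explode(',', $forwarded) as $candidate) {
                    $candidate = trim($candidate);
                    // Reject anything that is not an IP literal (this also
                    // covers the placeholder "unknown"), so free-form header
                    // text never reaches REMOTE_ADDR or the log message.
                    $isIp = filter_var($candidate, FILTER_VALIDATE_IP) !== false;
                    if ($isIp && !MAX_remotehostPrivateAddress($candidate)) {
                        $_SERVER['REMOTE_ADDR'] = $candidate;
                        // The old host name no longer matches the new address,
                        // and clearing HTTP_VIA avoids a second rewrite.
                        $_SERVER['REMOTE_HOST'] = '';
                        $_SERVER['HTTP_VIA'] = '';
                        OX_Delivery_logMessage('real address set to ' . $candidate, 7);
                        break;
                    }
                }
            }
        }
    }
}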
 /**
  * A function to determine if a given IP address is in a private network or
  * not.
  *
  * @param string $ip The IP address to check.
  * @return boolean Returns true if the IP address is in a private network,
  *                 false otherwise.
  */
 function test_MAX_remotehostPrivateAddress()
 {
     // Exercises MAX_remotehostPrivateAddress() with loopback, 10.x and the
     // inclusive edges of 172.16.0.0 - 172.31.255.255, then with addresses
     // just outside that range and one public address.
     // NOTE(review): no case here covers 192.168.x.x or non-IPv4 input.
     $aExpectedPrivate = array(
         '127.0.0.1',
         '127.10.0.2',
         '10.1.0.23',
         '172.16.0.0',
         '172.31.255.255',
     );
     foreach ($aExpectedPrivate as $address) {
         $this->assertTrue(MAX_remotehostPrivateAddress($address));
     }

     $aExpectedPublic = array(
         '172.15.255.255',
         '172.32.0.1',
         '8.8.8.8',
     );
     foreach ($aExpectedPublic as $address) {
         $this->assertFalse(MAX_remotehostPrivateAddress($address));
     }
 }
示例#4
/**
 * A function to convert the $_SERVER['REMOTE_ADDR'] global variable
 * from the current value to the real remote viewer's value, should
 * that viewer be coming via an HTTP proxy.
 *
 * Only performs this conversion if the option to do so is set in the
 * configuration file.
 */
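function MAX_remotehostProxyLookup()
{
    $conf = $GLOBALS['_MAX']['CONF'];
    // Should proxy lookup conversion be performed?
    // SECURITY: the headers consulted below are client-supplied unless a
    // proxy in front of this server overwrites them, so enable this option
    // only when the server is reachable solely through proxies you control.
    if ($conf['logging']['proxyLookup']) {
        ###START_STRIP_DELIVERY
        if ($conf['deliveryLog']['enabled']) {
            OA::debug('checking remote host proxy');
        }
        ###END_STRIP_DELIVERY
        // Determine if the viewer has come via an HTTP proxy
        $proxy = false;
        if (!empty($_SERVER['HTTP_VIA']) || !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $proxy = true;
        } elseif (!empty($_SERVER['REMOTE_HOST'])) {
            // No proxy header: fall back to keyword matching on the host name
            $aProxyHosts = array('proxy', 'cache', 'inktomi');
            foreach ($aProxyHosts as $proxyName) {
                if (strpos($_SERVER['REMOTE_HOST'], $proxyName) !== false) {
                    $proxy = true;
                    break;
                }
            }
        }
        // Has the viewer come via an HTTP proxy?
        if ($proxy) {
            ###START_STRIP_DELIVERY
            if ($conf['deliveryLog']['enabled']) {
                OA::debug('proxy detected');
            }
            ###END_STRIP_DELIVERY
            // Try to find the "real" IP address the viewer has come from;
            // the first non-empty header in this order wins
            $aHeaders = array('HTTP_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
            foreach ($aHeaders as $header) {
                if (!empty($_SERVER[$header])) {
                    $ip = $_SERVER[$header];
                    break;
                }
            }
            if (!empty($ip)) {
                // The "remote IP" may be a list, ensure that
                // only the last item is used in that case
                $aCandidates = explode(',', $ip);
                $ip = trim($aCandidates[count($aCandidates) - 1]);
                // Accept the value only if it is a syntactically valid IP
                // literal (this also rejects the placeholder "unknown") and
                // is not a private network address. The header is free text,
                // so without the validity check an arbitrary string could be
                // written to REMOTE_ADDR and to the debug log.
                if (filter_var($ip, FILTER_VALIDATE_IP) !== false && !MAX_remotehostPrivateAddress($ip)) {
                    // Set the "real" remote IP address, and unset
                    // the remote host (as it will be wrong for the
                    // newly found IP address) and HTTP_VIA header
                    // (so that we don't accidentally do this twice)
                    $_SERVER['REMOTE_ADDR'] = $ip;
                    $_SERVER['REMOTE_HOST'] = '';
                    $_SERVER['HTTP_VIA'] = '';
                    ###START_STRIP_DELIVERY
                    if ($conf['deliveryLog']['enabled']) {
                        OA::debug('real address set to ' . $ip);
                    }
                    ###END_STRIP_DELIVERY
                }
            }
        }
    }
}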